
CentOS 8 Set Up OpenVPN Server In 5 Minutes

 The steps are as follows:

Please note that {root@centos8:~ }$ is my shell prompt and is not part of the actual commands. In other words, you need to copy and paste only the command that follows my shell prompt.

Step 1 – Update your system

Run the dnf command or yum command to install CentOS 8 security updates:
{root@centos8:~ }$ sudo dnf update
OR
{root@centos8:~ }$ sudo yum update
Next, install tar and wget on CentOS 8:
{root@centos8:~ }$ sudo yum install tar wget

Step 2 – Find and note down your server’s IPv4 or IPv6 address

Use the ip command as follows:
{root@centos8:~ }$ ip a
{root@centos8:~ }$ ip a show eth0
We can use the following dig command to find out the public IP address from the Linux command line:
{root@centos8:~ }$ dig +short myip.opendns.com @resolver1.opendns.com
OR
{root@centos8:~ }$ dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2 }'
Sample outputs:

172.105.120.133

Please note down the IP address 172.105.120.133. You need to replace it with your actual IPv4 address.

A note about your IPv4 and IPv6 address

Most cloud servers have two types of IP address:

  1. Public static IP address directly assigned to your box and routed from the Internet. For example, Linode, Digital Ocean, and others give you direct public IPv4/IPv6 address.
  2. Private static IP address directly attached to your server, with the server sitting behind NAT that holds the public IP address. For example, AWS EC2/Lightsail, Google Cloud and others provide you this kind of NAT public IP address.

The script will automatically detect your networking setup. All you have to do is provide a correct IPv4 or IPv6 address when asked for it. Hence, we used the above command to determine our IP address in advance.

Step 3 – Download and run centos-8-vpn.sh script

I am going to use the wget command:
{root@centos8:~ }$ wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O centos-8-vpn.sh
Make sure you set up permissions using the chmod command:
{root@centos8:~ }$ chmod +x centos-8-vpn.sh
One can also view the script using a text editor such as vim/vi:
{root@centos8:~ }$ vim centos-8-vpn.sh
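The wget URL above tracks the project's master branch and the script is later run with sudo, so the file you read in vim and the file you execute are only known to be the same if you check. The following is an added example (not part of the original tutorial or of the openvpn-install project) that compares the script against a SHA-256 digest recorded at review time and also rejects loose permissions; the helper name verify_installer and the <COMMIT> placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not from the tutorial or the openvpn-install project.
# Workflow assumed here:
#   1. Download once (optionally pinned: replace "master" in the wget URL
#      with a commit id you reviewed, shown here as <COMMIT>).
#   2. Read the script, then record its digest:  sha256sum centos-8-vpn.sh
#   3. Before every "sudo ./centos-8-vpn.sh", call verify_installer.

# verify_installer FILE EXPECTED_SHA256   (hypothetical helper name)
# Exit status: 0 ok, 1 digest mismatch, 2 bad arguments, 3 unsafe permissions.
verify_installer() (
    file=$1
    expected=$2

    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "not a regular file: $file" >&2; exit 2
    fi
    # A SHA-256 digest is exactly 64 lowercase hex characters.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; exit 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; exit 2; }

    # Reject files that group or others could rewrite between review and run.
    # In the ls -ld mode string, char 6 is group-write and char 9 other-write.
    mode=$(ls -ld -- "$file" | cut -c1-10)
    case $mode in
        ?????w*|????????w*) echo "unsafe mode $mode on $file" >&2; exit 3 ;;
    esac

    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        exit 1
    fi
    echo "OK: $file matches the reviewed digest"
)

# Stand-alone use:
#   ./verify.sh centos-8-vpn.sh <digest> && sudo ./centos-8-vpn.sh
if [ "$#" -eq 2 ]; then
    verify_installer "$1" "$2"
fi
```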
Installing OpenVPN server on CentOS 8 Linux using the centos-8-vpn.sh

Now all you have to do is run the shell script on Linux:
{root@centos8:~ }$ sudo ./centos-8-vpn.sh
Sample session from my Linode cloud server with direct public IPv4 address:
[Screenshot: CentOS 8 OpenVPN set up session]
Sample session from AWS/Lightsail where my cloud server is behind NAT:
[Screenshot: AWS CentOS Linux 8 server with NAT IPv4 address]

Desktop or Mobile client configuration

Once the VPN server configuration is done, we can create a desktop/mobile client VPN configuration file. You will be prompted as follows:

Do you want to protect the VPN configuration file with a password?

How do I start/stop/restart the OpenVPN server on CentOS 8?

#--- Stop the server ---#
{root@centos8:~ }$ sudo systemctl stop openvpn-server@server.service
#--- Start the server ---#
{root@centos8:~ }$ sudo systemctl start openvpn-server@server.service
#--- Restart the server ---#
{root@centos8:~ }$ sudo systemctl restart openvpn-server@server.service
#--- Get the server status ---#
{root@centos8:~ }$ sudo systemctl status openvpn-server@server.service

Step 4 – Connect to the OpenVPN server using an iOS/Android/Linux/MS-Windows client

On the server you will find a client configuration file called ~/DesktopVPNClient.ovpn. All you have to do is copy this file to your local desktop using the scp command:
{root@centos8:~ }$ scp vivek@172.105.120.136:~/DesktopVPNClient.ovpn .
Next, provide this file to your OpenVPN client for connection purposes:

  1. Download Apple iOS client from Apple App store
  2. Grab Android client from Google Play store
  3. Apple MacOS (OS X) client
  4. Microsoft Windows 8/10 client

OpenVPN Linux desktop client configuration

First, install the openvpn client for your desktop, enter:
{root@centos8-client:~ }$ sudo yum install openvpn
For Debian/Ubuntu Linux try the apt command/apt-get command:
{root@debian-client:~ }$ sudo apt install openvpn
Next, copy DesktopVPNClient.ovpn as follows:
{root@centos8-client:~ }$ sudo cp DesktopVPNClient.ovpn /etc/openvpn/client.conf
Test connectivity from the CLI:
{root@centos8-client:~ }$ sudo openvpn --client --config /etc/openvpn/client.conf
Our Linux desktop system will automatically connect when the computer restarts, using the openvpn script/service:
{root@centos8-client:~ }$ sudo systemctl start openvpn@client

Step 5 – Verify/test the connectivity

Execute the following commands after connecting to OpenVPN server from your Linux desktop client:
#Ping to the OpenVPN server gateway
{root@centos8-client:~ }$ ping 10.8.0.1
#Make sure the routing setup is working
{root@centos8-client:~ }$ ip route
#Must return public IP address of OpenVPN server
{root@centos8-client:~ }$ dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
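The checks in Step 5 can be scripted so that a tunnel which is up but not carrying traffic is caught. This added example (not from the original tutorial) assumes the server pushes "redirect-gateway def1", which installs the two half-default routes it looks for; the function names and the sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Assumption: the server pushes "redirect-gateway def1", so a connected client
# carries two half-default routes (0.0.0.0/1 and 128.0.0.0/1) via 10.8.0.1.

# full_tunnel_ok GATEWAY: reads `ip route` output on stdin and succeeds only
# when both half-default routes point at GATEWAY through a tun device.
full_tunnel_ok() {
    awk -v gw="$1" '
        ($1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") &&
        $2 == "via" && $3 == gw && $4 == "dev" && $5 ~ /^tun[0-9]+$/ {
            seen[$1] = 1
        }
        END { exit !(("0.0.0.0/1" in seen) && ("128.0.0.0/1" in seen)) }
    '
}

# egress_ok SERVER_IP: reads the dig TXT answer on stdin. dig prints TXT data
# inside double quotes, so strip them before comparing.
egress_ok() {
    answer=$(head -n 1 | tr -d '"[:space:]')
    [ -n "$answer" ] && [ "$answer" = "$1" ]
}

# Constructed sample: `ip route` on a client with the VPN connected.
CONNECTED_ROUTES='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
172.105.120.133 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10 metric 100'

# Constructed sample: the same client with the VPN down.
DISCONNECTED_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10 metric 100'

if printf '%s\n' "$CONNECTED_ROUTES" | full_tunnel_ok 10.8.0.1; then
    echo "connected sample: all traffic routed via tun"
fi
if ! printf '%s\n' "$DISCONNECTED_ROUTES" | full_tunnel_ok 10.8.0.1; then
    echo "disconnected sample: traffic bypasses the VPN"
fi

# Live use on the client (replace the IP with your server's public address):
#   ip route | full_tunnel_ok 10.8.0.1 &&
#   dig TXT +short o-o.myaddr.l.google.com @ns1.google.com | egress_ok 172.105.120.133
```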

Step 6 – How to add or remove OpenVPN client

Log in to your CentOS 8 Linux server and run the script again:
{v@centos8:~ }$ sudo ./centos-8-vpn.sh
You will see options as follows:

Welcome to OpenVPN-install!
The git repository is available at: https://github.com/angristan/openvpn-install

It looks like OpenVPN is already installed.

What do you want to do?
   1) Add a new user
   2) Revoke existing user
   3) Remove OpenVPN
   4) Exit
Select an option [1-4]: 

Choose an option as per your needs.